Computer fraud is big business both for the fraudsters and the people who try to stop them. One common area of computer fraud involves attempts by organizations to infiltrate computers of ordinary people, and by that action to trick those people into giving up confidential information and access codes. The fraudster software may attempt to cause those computers to act automatically in a malicious manner, where such computers are frequently known as “bots.” Groups of such computers may act together in concert under the control of a common entity to form what is commonly referred to as a “botnet.” Bots may act automatically to carry out illegitimate transactions, e.g., with banks or retailers and using credit card or other financial information of the person who is using the particular computer. Such malicious code may also carry out a “Man in the Browser” attack by which a user's computer can be provided with code that intercepts legitimate communications by the user, such as with the user's bank, and does so after the communications have been decrypted, e.g., by a web browser on the computer. Such malicious code may alter the interface that the user sees, such as by generating an interface that looks to the user like the user's bank is requesting particular information (e.g., a PIN number) when in fact the bank would never request such information via a web page. Alternatively, the malicious code may generate an interface that indicates to a user that a banking or shopping transaction executed as the user requested, when in fact, the illegal organization altered the transaction so as to send the user's money to an entity associated with the organization.
Various approaches have been taken to identify and prevent such malicious activity. For example, programs have been developed for operation on client computers or at the servers of the organizations that own and operate those computers to detect improper activity.